[tor-talk] Torbutton-birdy version 0.0.2

tagnaq tagnaq at gmail.com
Sun May 27 15:43:15 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Tom,

> Wouldn't this (or some of the other header settings) allow the 
> recipient or general public (if a mailing list post) to learn that
> a person was using TorBirdy?

I don't think that Sukhbir and Jake aim for an undetectable TorBirdy,
but as soon as another email client also has an extension like
TorBirdy and agrees on the same header field settings, I guess it
wouldn't be easy to determine the client in use by looking at the
header. The MSA would very likely still have the "power" to determine
the client (version).

> I hate to say it, but "What's the threat model?"

My threat model is described on page 6 of the following paper:
http://bit.ly/qDZm7C

> The entire SMTP-server path is in email headers AFAIK - does that 
> include the connecting IP (e.g. the tor exit node?).

It depends on the mailserver settings but in almost all cases it
includes the connecting IP (the exit node's IP if you send your emails
through Tor). If you use gmail via webmail it does not include your
source IP in the outgoing email header.

> If it does, then the next part doesn't matter - if it does not: a
> recipient wouldn't be able to learn that the sender sent it using
> TorBirdy... unless TorBirdy used some non-standard and
> distinguishing email header or setting... like this one.

As soon as you decide to modify the header to reduce certain leaks
your mail header is easily distinguishable. As soon as you introduce a
new header fingerprint it will always be more unique (at the
beginning) but someone has to start with a new one that leaks less
information even if your fingerprint is used by fewer people.

> Is that important?  It seems like it would be.  As an example, go 
> through this thread, and see whose reply header is of the form "On
> X, Y wrote:" and now you know who's not running the latest
> version.

I'd consider it as important to have all torbirdy "stable" users in
one anonymity set as soon as there is a feature complete stable
version. I consider the current version as experimental.

> [1] https://ritter.vg/blog-no_email_security.html
typo: trsnafers


btw: Great talk at BH EU.
-----BEGIN PGP SIGNATURE-----

iF4EAREKAAYFAk/CS5MACgkQyM26BSNOM7a4aQEAscy78aHDVsD3D+2/0Sufyqzg
wGK6GKZVyUiXRTZrNagA/j27mViQ4zzeZyByVPkR53vLk6YUopbt0GLZfxek43DO
=V6pO
-----END PGP SIGNATURE-----
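
The three things this thread says a recipient can read from a delivered mail (the IP recorded in Received lines, client-identifying headers, and the reply attribution line) can be checked on your own sent mail. The sketch below is an added example, not part of the message above and not TorBirdy code; the function name, the sample message, and the choice of User-Agent and X-Mailer as the client headers to check are assumptions.

```python
import email
import ipaddress
import re

# Constructed sample message; hosts and addresses are documentation values.
SAMPLE = """\
Received: by relay.example.org with SMTP id def456;
    Sun, 27 May 2012 15:43:12 +0000
Received: from client.example (exit.example.net [203.0.113.7])
    by mx.example.org with ESMTPSA id abc123;
    Sun, 27 May 2012 15:43:10 +0000
User-Agent: ExampleMail/1.0
From: alice@example.org
To: list@example.org
Subject: Re: test

On 27/05/12 10:00, Bob wrote:
> quoted text

reply text
"""

BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
ATTRIBUTION = re.compile(r"^On .+ wrote:[ \t]*$", re.MULTILINE)
CLIENT_HEADERS = ("User-Agent", "X-Mailer")  # assumed set of fields to check


def audit_headers(raw):
    """Return what a recipient could learn from a single-part message."""
    msg = email.message_from_string(raw)
    hop_ips = []
    # Each relay prepends its own Received line; a bracketed literal in the
    # "from" clause is the address that relay saw connecting (e.g. an exit).
    for line in msg.get_all("Received", []):
        for candidate in BRACKETED.findall(line):
            try:
                hop_ips.append(str(ipaddress.ip_address(candidate)))
            except ValueError:
                pass  # bracketed token that is not an IP address
    client = {h: msg[h] for h in CLIENT_HEADERS if msg[h]}
    match = ATTRIBUTION.search(msg.get_payload())
    return {
        "hop_ips": hop_ips,
        "client_headers": client,
        "attribution": match.group(0).strip() if match else None,
    }


if __name__ == "__main__":
    for key, value in audit_headers(SAMPLE).items():
        print(f"{key}: {value}")
```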

